Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:32041
HistoryMay 11, 2015 - 12:00 a.m.

Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429

2015-05-1100:00:00
vulners.com
156
JSON

Information

Advisory by Netsparker.
Name: DOM XSS Vulnerability in Twenty Fifteen WordPress Theme
Affected Software : WordPress
Affected Versions: 4.2.1 and probably below
Vendor Homepage : https://wordpress.org/ and
https://wordpress.org/themes/twentyfifteen/
Vulnerability Type : DOM based Cross-site Scripting
Severity : Important
CVE-ID: CVE-2015-3429
Netsparker Advisory Reference : NS-15-007

Description

By exploiting a Cross-site scripting vulnerability the attacker can
hijack a logged in userโ€™s session. This means that the malicious
hacker can change the logged in userโ€™s password and invalidate the
session of the victim while the hacker maintains access. As seen from
the XSS example in this article, if a web application is vulnerable to
cross-site scripting and the administratorโ€™s session is hijacked, the
malicious hacker exploiting the vulnerability will have full admin
privileges on that web application.

Technical Details

Proof of Concept URL for DOM XSS in WordPress:

http://example.com/wordpress/wp-content/themes/twentyfifteen/genericons/example.html#<img/src/onerror=alert(123)>

For more information on DOM based cross-site scripting vulnerabilities
read the following article:
https://www.netsparker.com/blog/web-security/dom-based-cross-site-scripting-vulnerability/

Advisory Timeline

22/04/2015 - First Contact
07/05/2015 - Vulnerability fixed
07/05/2014 - Advisory released

Solution

Download WordPress version 4.2.2 which includes fix for this vulnerability.

Credits & Authors

These issues have been discovered by Omar Kurt while testing
Netsparker Web Application Security Scanner -
https://www.netsparker.com/web-vulnerability-scanner/

About Netsparker

Netsparker finds and reports security issues and vulnerabilities such
as SQL Injection and Cross-site Scripting (XSS) in all websites and
web applications regardless of the platform and the technology they
are built on. Netsparker's unique detection and exploitation
techniques allows it to be dead accurate in reporting hence it's the
first and the only False Positive Free web application security
scanner. For more information visit our website on
https://www.netsparker.com

Related

patchstack 1
wpvulndb 1
packetstorm 1
checkpoint_advisories 1
wpexploit 1
thn 1
ubuntucve 1
cve 1
debiancve 1
prion 1
openvas 2
securityvulns 2
debian 2
nessus 3
osv 1
patchstack
patchstack
WordPress Genericons Plugin <= 4.2.1 - XSS
2015-04-27 00:00:00
wpvulndb
wpvulndb
Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
2015-05-06 00:00:00
packetstorm
packetstorm
WordPress Twenty Fifteen 4.2.1 Cross Site Scripting
2015-05-07 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPress Genericons Cross-Site Scripting (CVE-2015-3429)
2016-03-10 00:00:00
wpexploit
wpexploit
Twenty Fifteen Theme <= 1.1 - DOM Cross-Site Scripting (XSS)
2015-05-06 00:00:00
thn
thn
WordPress Vulnerability Puts Millions of Websites At Risk
2015-05-06 23:58:00
ubuntucve
ubuntucve
CVE-2015-3429
2015-06-17 00:00:00
cve
cve
CVE-2015-3429
2015-06-17 18:59:00
debiancve
debiancve
CVE-2015-3429
2015-06-17 18:59:00
prion
prion
Cross site scripting
2015-06-17 18:59:00
openvas
openvas
Debian Security Advisory DSA 3328-1 (wordpress - security update)
2015-08-04 00:00:00
Debian: Security Advisory (DSA-3328-1)
2015-08-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3328-1] wordpress security update
2015-08-24 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-05-11 00:00:00
debian
debian
[SECURITY] [DSA 3328-2] wordpress regression update
2015-08-04 15:36:24
[SECURITY] [DSA 3328-1] wordpress security update
2015-08-04 06:51:55
nessus
nessus
Debian DSA-3328-1 : wordpress - security update
2015-08-13 00:00:00
Fedora 21 : wordpress-4.2.2-1.fc21 (2015-6808)
2015-05-21 00:00:00
Fedora 20 : wordpress-4.2.2-1.fc20 (2015-6790)
2015-05-21 00:00:00
osv
osv
wordpress - security update
2015-08-04 00:00:00
JSON
Related for SECURITYVULNS:DOC:32041
patchstack1wpvulndb1packetstorm1checkpoint_advisories1wpexploit1thn1ubuntucve1cve1debiancve1prion1openvas2securityvulns2debian2nessus3osv1